PT-2022-7676 · Linux+4 · Linux Kernel+4

Syzbot · Published 2022-11-29 · Updated 2026-03-14 · CVE-2022-48950

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The issue is related to the perf_pending_task() function in the Linux kernel, which can lead to a use-after-free condition. This occurs when perf_pending_task() runs after the event is freed. There are two distinct cases: the task work was already queued before destroying the event, and destroying the event itself queues the task work. The first case cannot be solved using task_work_cancel() because perf_release() might be called from a task work, making the current task work list empty. The simplest alternative is to extend the perf event lifetime to cover the task work. The second case can be avoided by rearranging how the event is marked as STATE_DEAD and ensuring it goes through STATE_OFF on the way down.

Recommendations

As a temporary workaround, consider extending the perf event lifetime to cover the task work. Restrict access to the perf_pending_task() function to minimize the risk of exploitation. Avoid queueing a task work while the event is being destroyed. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
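
The lifetime extension named in the description can be shown with a small userspace model. This is an added example, not kernel code and not taken from the fix itself: every name in it is hypothetical, and it assumes a single thread and a plain counter where the kernel would use an atomic one.

```c
#include <stdlib.h>
/* Userspace model; all names are hypothetical, not kernel identifiers. */
struct event {
    long refcount;     /* references keeping the object alive */
    int  pending_work; /* 1 while deferred work is queued */
};
static int event_freed; /* demo-only marker, set when the object is freed */

static struct event *event_alloc(void)
{
    struct event *e = calloc(1, sizeof(*e));
    if (e) e->refcount = 1; /* the owner's reference */
    return e;
}

static void event_put(struct event *e)
{
    if (--e->refcount == 0) {
        event_freed = 1;
        free(e);
    }
}

/* Queueing deferred work takes a reference on behalf of that work. */
static void event_queue_work(struct event *e)
{
    if (e->pending_work) return;
    e->refcount++;
    e->pending_work = 1;
}

/* The deferred callback touches the object, then drops its own reference. */
static void event_run_work(struct event *e)
{
    e->pending_work = 0; /* safe: the work's reference keeps e alive */
    event_put(e);
}

/* Owner releases first, callback runs later. Returns 1 when the object was
 * still alive at callback time and was freed only after the callback. */
int release_before_work(void)
{
    struct event *e = event_alloc();
    if (!e) return -1;
    event_freed = 0;
    event_queue_work(e);
    event_put(e);                 /* owner drops its reference first */
    int alive = !event_freed;     /* object must still exist here */
    event_run_work(e);
    return alive && event_freed;
}
int main(void) { return release_before_work() == 1 ? 0 : 1; }
```

Without the increment in `event_queue_work()`, the owner's `event_put()` would free the object and the later callback would write to freed memory, which is the first case the description lists.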

Exploit

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2024-09780
CVE-2022-48950
RHSA-2023:6583

Affected Products

Astra Linux
Debian
Linux Kernel
Red Hat
Red Os